Planet Team found a misconfigured Elasticsearch server belonging to a popular office supplies store chain leaking nearly one million records, including customers’ information.
The database, which had no password protection at all, was discovered by the Planet team led by Jeremiah Fowler on March 3. Planet Team quickly traced it back to Office Depot Europe, which operates across the region through bricks-and-mortar stores and online under the Office Depot brand.
Among the 974,000 unencrypted records found in the database were customer names, phone numbers, home and office addresses, @members.ebay addresses, marketplace logs, order histories, and hashed passwords.
Fowler warned that cyber-criminals could have used such data to carry out targeted phishing attacks.
“Let’s hypothetically say a criminal calls the customer and they validate the recent order. Next, the criminal says something is wrong with your billing information. Can you please provide me with the credit card number used for your purchase?” he explained.
“The customer would have no reason to doubt this because the caller can validate real details that only the retailer would know. It is how a social engineering attack works, and it is one of the most common forms of fraud used today.”
Although Office Depot Europe secured the database within hours of being notified, and thanked the researchers for bringing the information to them, Fowler claimed it might have been exposed for up to 10 days.
That window would have exposed the data not only to data-hunting cybercriminals but also to automated ransomware scripts and other tools that scour the internet for misconfigured databases.
Alongside the customer information, the database also exposed internal details on IP addresses, middleware, pathways, storage systems, and ports, which Fowler said attackers could have used to target the Office Depot corporate network.